MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 c9f2f2fc79dd24031077643b4715ea83c021f2ded837c68f426ce78b2dcf254c. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



SHA256 hash: c9f2f2fc79dd24031077643b4715ea83c021f2ded837c68f426ce78b2dcf254c
SHA1 hash: 90f5017bbb77ee5b09c2e8602ea693421f7f183f
MD5 hash: a29fa790932e18f2ddbec34a84abe15a
File name: file.xls.img
Signature: GuLoader
File size: 1'245'184 bytes
First seen: 2020-05-22 09:54:50 UTC
Last seen: Never
File type: img
MIME type: application/x-iso9660-image
ssdeep: 768:SOC0wu7eg3eGbZJwaAfMrWjUOn0le9mlVCEY8pwG0CNClil729NG5ncvx:TjwiuwZSDJAe9VEY8p0CNj72H/p
TLSH: 29450934F5A0EE42DA4D45F11E276B291427FCB529990AC3B2CF7B1C2B325C29A7135E
Reporter: @abuse_ch
Tags: geo, GuLoader, img, KOR


Twitter
@abuse_ch
Malspam distributing GuLoader:

HELO: mail-smail-vm37.hanmail.net
Sending IP: 203.133.180.225
From: 이용종 <ogd7528@hanmail.net>
Subject: 첨부도면 견적요청 드립니다.(한석이엔지 입니다.) [English: Requesting a quotation for the attached drawings. (This is Hanseok ENG.)]
Attachment: file.xls.img (contains "20200522_wj3.exe")

GuLoader payload URL:
https://drive.google.com/uc?export=download&id=1Bj4Pk98k6226AN6WvT5V8g8bLwo9zUcc
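
The delivery trick in the report above is a disk image with a misleading double extension (file.xls.img) that carries an executable (20200522_wj3.exe) inside. The following script is an added example, not code from MalwareBazaar or @abuse_ch: it triages an attachment with only the Python standard library, recognising the ISO 9660 primary volume descriptor ("CD001" at sector 16), walking the image's directory records to enumerate embedded files, and flagging executables by extension or PE magic. The image it parses is constructed inline by build_sample_iso() to mimic the reported attachment; it is not the real sample, so its hashes will not match the ones listed on this page.

```python
import hashlib
import struct

SECTOR = 2048                     # ISO 9660 logical sector size
PVD_OFFSET = 16 * SECTOR          # volume descriptors begin at sector 16
EXEC_EXTS = {"exe", "scr", "com", "pif", "dll", "bat", "cmd", "js", "vbs", "lnk"}


def _both32(v: int) -> bytes:
    """ISO 9660 'both-endian' 32-bit field: little-endian copy followed by big-endian copy."""
    return struct.pack("<I", v) + struct.pack(">I", v)


def _both16(v: int) -> bytes:
    return struct.pack("<H", v) + struct.pack(">H", v)


def _dir_record(name: bytes, lba: int, size: int, is_dir: bool) -> bytes:
    """Build one ISO 9660 directory record (ECMA-119 9.1), padded to an even length."""
    body = (bytes([0]) + _both32(lba) + _both32(size) + bytes(7)       # ext-attr len, extent, size, date
            + bytes([2 if is_dir else 0, 0, 0]) + _both16(1)            # flags, unit size, gap, vol seq
            + bytes([len(name)]) + name)
    rec = bytes([len(body) + 1]) + body
    return rec + b"\x00" if len(rec) % 2 else rec


def build_sample_iso() -> bytes:
    """Constructed stand-in for file.xls.img: minimal image whose root directory holds one .EXE."""
    exe_payload = b"MZ" + b"\x90" * 30                                  # constructed fake PE stub, not the real dropper
    root_lba, file_lba = 18, 19
    root_dir = (_dir_record(b"\x00", root_lba, SECTOR, True)            # "."
                + _dir_record(b"\x01", root_lba, SECTOR, True)          # ".."
                + _dir_record(b"20200522_WJ3.EXE;1", file_lba, len(exe_payload), False))
    pvd = bytearray(SECTOR)
    pvd[0], pvd[6] = 1, 1                                               # type 1 = primary volume descriptor
    pvd[1:6] = b"CD001"
    pvd[156:190] = _dir_record(b"\x00", root_lba, SECTOR, True)         # root directory record
    term = bytearray(SECTOR)
    term[0], term[6] = 255, 1                                           # volume descriptor set terminator
    term[1:6] = b"CD001"
    return (bytes(PVD_OFFSET) + bytes(pvd) + bytes(term)
            + root_dir.ljust(SECTOR, b"\x00") + exe_payload.ljust(SECTOR, b"\x00"))


def is_iso9660(data: bytes) -> bool:
    """True when sector 16 carries a primary volume descriptor; short inputs slice to b'' and fail."""
    return data[PVD_OFFSET:PVD_OFFSET + 1] == b"\x01" and data[PVD_OFFSET + 1:PVD_OFFSET + 6] == b"CD001"


def iso_files(data: bytes) -> list:
    """Walk the directory tree from the PVD root; return (path, size, content) for every file."""
    if not is_iso9660(data):
        raise ValueError("no ISO 9660 primary volume descriptor")
    root = data[PVD_OFFSET + 156:PVD_OFFSET + 190]
    found, seen = [], set()

    def walk(lba: int, size: int, prefix: str) -> None:
        if lba in seen:                                 # guard against self-referencing directories
            return
        seen.add(lba)
        blob = data[lba * SECTOR:lba * SECTOR + size]
        pos = 0
        while pos < len(blob):
            rec_len = blob[pos]
            if rec_len == 0:                            # records never straddle sectors: skip padding
                pos = (pos // SECTOR + 1) * SECTOR
                continue
            rec = blob[pos:pos + rec_len]
            pos += rec_len
            if len(rec) < 33:
                break                                   # truncated record: stop rather than misparse
            ext_lba = struct.unpack_from("<I", rec, 2)[0]
            ext_size = struct.unpack_from("<I", rec, 10)[0]
            name = rec[33:33 + rec[32]]
            if name in (b"\x00", b"\x01"):              # "." and ".." entries
                continue
            ident = name.decode("ascii", "replace").split(";")[0]   # drop the ";1" version suffix
            if rec[25] & 2:
                walk(ext_lba, ext_size, prefix + ident + "/")
            else:
                start = ext_lba * SECTOR
                found.append((prefix + ident, ext_size, data[start:start + ext_size]))

    walk(struct.unpack_from("<I", root, 2)[0], struct.unpack_from("<I", root, 10)[0], "/")
    return found


def triage_attachment(filename: str, data: bytes) -> dict:
    """Hashes, container type, disguised extension and embedded executables for one attachment."""
    report = {
        "sha256": hashlib.sha256(data).hexdigest(),
        "md5": hashlib.md5(data).hexdigest(),
        "is_iso9660": is_iso9660(data),
        "double_extension": filename.lower().count(".") >= 2,          # e.g. file.xls.img
        "embedded_executables": [],
    }
    if report["is_iso9660"]:
        for path, size, content in iso_files(data):
            ext = path.rsplit(".", 1)[-1].lower()
            if ext in EXEC_EXTS or content[:2] == b"MZ":                # extension or PE magic
                report["embedded_executables"].append((path, size))
    report["suspicious"] = bool(report["embedded_executables"]) or (
        report["is_iso9660"] and report["double_extension"])
    return report


if __name__ == "__main__":
    for key, value in triage_attachment("file.xls.img", build_sample_iso()).items():
        print(f"{key}: {value}")
```

The check keys on the descriptor magic rather than the file extension, so a renamed .img or .iso is still recognised, and it reads the embedded file's first bytes, so an executable renamed to look like a document inside the image is still flagged. Joliet and Rock Ridge extensions are not parsed; the plain ISO 9660 names (uppercase, with a ";1" version suffix) are enough to identify the dropped file.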

Intelligence


Mail intelligence
Trap location: Global
Impact: Low
# of uploads: 1
# of downloads: 23
Origin country: US
ClamAV: PUA.Win.Packer.ProtectSharewar-2
        PUA.Win.Packer.ProtectSharewar-3
VirusTotal: 32.20% detection rate

File information


The information below shows the delivery chain for this malware sample and the family it drops.

Delivery chain:
  Malspam
    -> GuLoader
       -> img c9f2f2fc79dd24031077643b4715ea83c021f2ded837c68f426ce78b2dcf254c (this sample)
          dropping GuLoader

Delivery method: Distributed via e-mail attachment
